In response to a recent ExponentCMS security vulnerability in which a cross-site script injection allows anybody to create a new admin user, I’ve written the following script, which automatically applies the necessary patch. It rewrites the guarded call to checkAdminFlags() in user.php so that the check always runs, and keeps the original file as user.old.php in the same directory.

Suggested usage:

find /home/*/public_html/framework/datatypes -name user.php -exec python fixRegBug.py {} \;

#!/usr/bin/env python
# encoding: utf-8
"""
fixRegBug.py
Created by Ron Miller on 2011-05-03.
Copyright (c) 2011 Youcentric Solutions. All rights reserved.
"""
import sys
import os

# The line to patch: checkAdminFlags() is only called when is_admin or
# is_acting_admin is set in $params.
VULNERABLE = "if(isset($params['is_admin']) || isset($params['is_acting_admin'])) $this->checkAdminFlags();"


def main():
    if len(sys.argv) < 2:
        print("Please specify path to user.php")
        sys.exit(255)
    path = sys.argv[1]
    directory = os.path.dirname(path)
    newpath = os.path.join(directory, "user.new.php")
    oldfile = open(path, "r")
    newfile = open(newpath, "w")
    for line in oldfile:
        if VULNERABLE in line:
            # Always run the admin-flag check; keep the newline so the
            # following line is not joined onto this one.
            line = "\t$this->checkAdminFlags();\n"
            print("Found and fixed vulnerability in %s" % path)
        newfile.write(line)
    newfile.close()
    oldfile.close()
    # Keep the original as user.old.php, then move the patched copy into place.
    os.rename(path, os.path.join(directory, "user.old.php"))
    os.rename(newpath, path)


if __name__ == '__main__':
    main()
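
A read-only check to run after the patch script, added here as an example (it is not part of the original script or of ExponentCMS): it classifies a user.php as vulnerable, patched or unknown, using a whitespace-tolerant pattern because fixRegBug.py's exact substring match leaves a reformatted copy of the line unpatched without saying so. The function names and the sample fragments are constructed for illustration.

```python
#!/usr/bin/env python3
import re
import sys

# Exact string fixRegBug.py searches for.
EXACT = "if(isset($params['is_admin']) || isset($params['is_acting_admin'])) $this->checkAdminFlags();"

def _isset(name):
    # isset($params['<name>']) with any amount of whitespace between tokens.
    return r"isset\s*\(\s*\$params\[\s*'%s'\s*\]\s*\)" % name

# Guarded (unpatched) call, tolerant of spacing and line breaks.
GUARDED = re.compile(r"if\s*\(\s*" + _isset("is_admin") + r"\s*\|\|\s*"
                     + _isset("is_acting_admin")
                     + r"\s*\)\s*\$this->checkAdminFlags\(\)\s*;")
# Patched form: the call alone on its line.
UNGUARDED = re.compile(r"^\s*\$this->checkAdminFlags\(\)\s*;\s*$", re.MULTILINE)

def classify(php_source):
    """Return 'vulnerable', 'patched' or 'unknown' for the text of user.php."""
    if GUARDED.search(php_source):   # checked first: the guard may sit on the line above
        return "vulnerable"
    if UNGUARDED.search(php_source):
        return "patched"
    return "unknown"                 # neither form found: review by hand

def audit(paths):
    """Classify each file; returns {path: status}."""
    results = {}
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            results[path] = classify(fh.read())
    return results

# Constructed fragments, not real ExponentCMS source.
SAMPLES = {
    "original": "\t" + EXACT + "\n",
    "respaced": "\tif ( isset($params['is_admin']) || isset($params['is_acting_admin']) )\n"
                "\t\t$this->checkAdminFlags();\n",
    "patched": "\t$this->checkAdminFlags();\n",
    "other": "<?php\n// no call to the check at all\n",
}

if __name__ == "__main__":
    report = audit(sys.argv[1:]) if len(sys.argv) > 1 else \
        {name: classify(src) for name, src in SAMPLES.items()}
    for name, status in sorted(report.items()):
        print("%s: %s" % (name, status))
    # Non-zero exit if anything is not confirmed patched, for use in scripts.
    sys.exit(0 if all(s == "patched" for s in report.values()) else 1)
```

Run it with the same find command as above, substituting this script's file name; any file reported as vulnerable or unknown needs a manual look.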

I had a niche need to make an easy summary of user directory sizes for an FTP server where the users’ homes could be in one of a few locations. I whipped up this script, which should make it easy even for an ultra-novice to get this summary:

#!/usr/bin/env python
import subprocess


def dir_usage(path):
    # Pass the arguments as a list (no shell), so a home path containing
    # spaces or shell metacharacters is treated as a single argument to du.
    process = subprocess.Popen(["du", "-hs", "--", path],
                               stdout=subprocess.PIPE, universal_newlines=True)
    out, _ = process.communicate()
    # du prints "<size>\t<path>"; keep only the size column.
    return out.split("\t", 1)[0].strip()


print("Now calculating home directory size for all non-system users.\nThis may take a few minutes, please wait.")
passwd = open('/etc/passwd', 'r')
userlist = list()
for line in passwd:
    user = line.split(':')
    if int(user[2]) >= 1000 and "nobody" not in user[0]:
        # user[5] is the home directory; user[4] is the GECOS field (full name first).
        userlist.append([user[4].split(',', 1)[0], dir_usage(user[5])])
passwd.close()
print("\nStorage Consumed by Users")
print("------------------------------------------------\n")
for userinfo in userlist:
    print(userinfo[0] + "\t\t\t" + userinfo[1])
print("\n")

Anybody who’s adminned a Virtualmin server has probably had update hell. One issue that I personally have had to wrangle with is where Virtualmin will randomly disable email accounts, resulting in frustrated users calling you when no one can email them. I’ve written a quick Python script to dump out a list of all disabled email accounts to reduce the inevitable frustration caused by this issue, allowing one to quickly find all of the disabled emails and re-enable them, hopefully before anyone complains.

#!/usr/bin/env python
# Addresses listed in the Postfix virtual map.
virtual = open('/etc/postfix/virtual', 'r')
activemails = list()
for line in virtual:
    if '@' in line:
        activemails.append(line.split(None, 1)[0])
virtual.close()
# Mailbox users in /etc/passwd with no matching entry in the virtual map.
passwd = open('/etc/passwd', 'r')
for line in passwd:
    if '@' in line and '/bin/false' not in line:
        email = line.split(':', 1)[0]
        if email not in activemails:
            print(email)
passwd.close()